What is SAP/FPE Security?

SAP Security

SAP is an enterprise application that supports business activities in various industries.

It integrates and manages business functions such as manufacturing, development, purchasing, marketing, service, logistics, distribution, and accounting. It covers general company activities such as finance, HR, sales, distribution, logistics, and facility and construction management, the medical sector's management of patients’ personal information, and the customer and sales management system of a mobile service provider... the list is endless.

With all of this information combined, SAP, operating 24 hours a day, 365 days a year, is in effect the business activity of the company itself.

Most people think that the ERP (enterprise resource planning) system is very safe because it is only used inside a company. However, the boundary between the inside and outside of a company is disappearing as the ERP system evolves into an integrated system across the company. SAP has integrated expansion packages such as CRM, SCM, and SRM with the ERP system.

As a result, ERP security has expanded from a technology-level issue to a business-level one.

SAP holds important information, including employees’ personal information, financial transaction records, and commercially confidential data. This is highly sensitive information that can destroy a company if it is exposed. In addition, it is information that must be encrypted in accordance with the Privacy Protection Act.

However, companies cannot simply encrypt the data in an ERP system like SAP. Because of the characteristics of its data structures and programs, encryption is not easy to implement for ERP data.

FPE Security

Format-preserving encryption (FPE) has attracted renewed interest because of the recent release of standards published by NIST. FPE allows data to keep its schema without changes to the database or applications. For example, when FPE is applied to a 16-digit credit card number, it produces a different 16-digit number. This still protects a user’s Personally Identifiable Information (PII) in case of a breach. Companies can meet compliance requirements for regulations such as PCI-DSS without taking on huge expenses to change internal systems such as SAP.

By its nature, conventional symmetric encryption such as DES or AES expands data beyond its original size and changes its format. This in turn requires changes to databases and business-critical applications to accommodate the new data. FPE provides a logical alternative that avoids unnecessary restructuring while still protecting sensitive data.

D’Amo for SAP is a product built on the technology of Penta Security’s Security Technology Lab, which has researched encryption for 16 years and holds encryption know-how accumulated through over 2,000 references.

The most important part of encryption is key management. In addition to encrypting the repository, it is very important to encrypt the communication paths over which data is transferred.

D’Amo for SAP includes a dedicated key management server and SAP-certified encryption of communication paths.

The product thus offers FPE technology, safe key management through a dedicated hardware-type key management server, and certified communication encryption technology.